CSRF verification failed. Request aborted when updating a form

Question

I have the following template

{% block content %}
    <form enctype="multipart/form-data" action="" method="post">{% csrf_token %}
    {% for field in form %}
        {{ field.label_tag }} {{ field }}
    {% endfor %}
    <input type="submit" value="Submit">
    </form>
{% endblock %}

Which is build up using this model

class TProfiles(models.Model):
    id = models.IntegerField(primary_key=True)  # AutoField?
    first_name = models.CharField(max_length=45, blank=True)
    surname = models.CharField(max_length=45, blank=True)
    email = models.CharField(max_length=45, blank=True)

class Meta:
    managed = False
    db_table = 'profiles'

class TProfilesForm(ModelForm):
    class Meta:
        model = TProfiles
        fields = ['first_name', 'surname', 'email']

Which get passed to the view

def register(request):
    form = TProfilesForm()

    if request.method == 'POST':
        form = TProfilesForm(request.POST)
        if form.is_valid():
            form.save()

    return render_to_response("register.html", {
        "form": form,
    })

However, I keep getting errors when trying to save the fields. CSRF errors seem to come in many flavours...

EDIT - Error message

Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
    CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's   CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.

They may indeed come in many flavours, but yours is *explicitly* addressed by the error message you saw (but did not post) when you tried this; you are not using a RequestContext. — Daniel Roseman, Oct 19 '14 at 15:44
Apologies, please see my edit. This is everything on the error page that I can see. — Jon, Oct 19 '14 at 16:26

score 0 · Answer 1 · edited May 23 '17 at 12:05

The answer seems to be to add RequestContext(request) to the return statement. So my code looks like:

def register(request):
    form = TProfilesForm()

    if request.method == 'POST':
        form = TProfilesForm(request.POST)
        if form.is_valid():
            form.save()


    return render_to_response("register.html", {
        "form": form,
    }, RequestContext(request))

The answer was found here

score 0 · Accepted Answer · answered Oct 19 '14 at 22:36

0

Or Simply Use render instead of render_to_response:

return render(request,"register.html", {"form": form,})

With import :

from django.shortcuts import render

answered Oct 19 '14 at 22:36

Cherif KAOUA

834
12
21

CSRF verification failed. Request aborted when updating a form

2 Answers2